The date was May 9, 1990. The Pope was touring Mexico City.
Hustlers from the Medellin Cartel were trying to buy black-market
Stinger missiles in Florida. On the comics page, Doonesbury character
Andy was dying of AIDS. And then.... a highly unusual item whose novelty
and calculated rhetoric won it headscratching attention in newspapers
all over America.
The US Attorney's office in Phoenix, Arizona, had issued a press release
announcing a nationwide law enforcement crackdown against "illegal
computer hacking activities." The sweep was officially known as
"Operation Sundevil."
Eight paragraphs in the press release gave the bare facts: twenty-seven
search warrants carried out on May 8, with three arrests, and a hundred
and fifty agents on the prowl in "twelve" cities across America.
(Different counts in local press reports yielded "thirteen," "fourteen,"
and "sixteen" cities.) Officials estimated that criminal losses of revenue
to telephone companies "may run into millions of dollars." Credit
for the Sundevil investigations was taken by the US Secret Service,
Assistant US Attorney Tim Holtzen of Phoenix, and the Assistant
Attorney General of Arizona, Gail Thackeray.
The prepared remarks of Garry M. Jenkins, appearing in a U.S.
Department of Justice press release, were of particular interest. Mr.
Jenkins was the Assistant Director of the US Secret Service, and the
highest-ranking federal official to take any direct public role in the
hacker crackdown of 1990.
"Today, the Secret Service is sending a clear message to those computer
hackers who have decided to violate the laws of this nation in the mistaken
belief that they can successfully avoid detection by hiding behind
the relative anonymity of their computer terminals.(...) "Underground
groups have been formed for the purpose of exchanging information relevant
to their criminal activities. These groups often communicate with each other through message systems between computers called 'bulletin
boards.' "Our experience shows that many computer hacker suspects are
no longer misguided teenagers, mischievously playing games with their
computers in their bedrooms. Some are now high tech computer operators
using computers to engage in unlawful conduct."
Who were these "underground groups" and "high- tech operators?"
Where had they come from? What did they want? Who *were* they?
Were they "mischievous?" Were they dangerous? How had "misguided
teenagers" managed to alarm the United States Secret Service? And just
how widespread was this sort of thing?
Of all the major players in the Hacker Crackdown: the phone companies,
law enforcement, the civil libertarians, and the "hackers" themselves —
the "hackers" are by far the most mysterious, by far the hardest to
understand, by far the *weirdest.*
Not only are "hackers" novel in their activities, but they come in a
variety of odd subcultures, with a variety of languages, motives and
values.
The earliest proto-hackers were probably those unsung mischievous
telegraph boys who were summarily fired by the Bell Company in
1878.
Legitimate "hackers," those computer enthusiasts who are independentminded
but law-abiding, generally trace their spiritual ancestry to
elite technical universities, especially M.I.T. and Stanford, in the
1960s.
But the genuine roots of the modern hacker *underground* can probably
be traced most successfully to a now much-obscured hippie anarchist
movement known as the Yippies. The Yippies, who took their name
from the largely fictional "Youth International Party," carried out a
loud and lively policy of surrealistic subversion and outrageous political
mischief. Their basic tenets were flagrant sexual promiscuity, open
and copious drug use, the political overthrow of any powermonger over
thirty years of age, and an immediate end to the war in Vietnam, by any means necessary, including the psychic levitation of the Pentagon.
The two most visible Yippies were Abbie Hoffman and Jerry Rubin.
Rubin eventually became a Wall Street broker. Hoffman, ardently
sought by federal authorities, went into hiding for seven years, in
Mexico, France, and the United States. While on the lam, Hoffman continued
to write and publish, with help from sympathizers in the
American anarcho-leftist underground. Mostly, Hoffman survived
through false ID and odd jobs. Eventually he underwent facial plastic
surgery and adopted an entirely new identity as one "Barry Freed."
After surrendering himself to authorities in 1980, Hoffman spent a
year in prison on a cocaine conviction.
Hoffman's worldview grew much darker as the glory days of the 1960s
faded. In 1989, he purportedly committed suicide, under odd and, to
some, rather suspicious circumstances.
Abbie Hoffman is said to have caused the Federal Bureau of Investigation
to amass the single largest investigation file ever opened on an individual
American citizen. (If this is true, it is still questionable whether
the FBI regarded Abbie Hoffman a serious public threat — quite possibly,
his file was enormous simply because Hoffman left colorful legendry
wherever he went). He was a gifted publicist, who regarded
electronic media as both playground and weapon. He actively enjoyed
manipulating network TV and other gullible, image- hungry media,
with various weird lies, mindboggling rumors, impersonation scams,
and other sinister distortions, all absolutely guaranteed to upset cops,
Presidential candidates, and federal judges. Hoffman's most famous
work was a book self-reflexively known as *Steal This Book,* which
publicized a number of methods by which young, penniless hippie agitators
might live off the fat of a system supported by humorless drones.
*Steal This Book,* whose title urged readers to damage the very means
of distribution which had put it into their hands, might be described as a
spiritual ancestor of a computer virus.
Hoffman, like many a later conspirator, made extensive use of payphones
for his agitation work — in his case, generally through the use of
cheap brass washers as coin-slugs. During the Vietnam War, there was a federal surtax imposed on telephone
service; Hoffman and his cohorts could, and did, argue that in
systematically stealing phone service they were engaging in civil disobedience:
virtuously denying tax funds to an illegal and immoral war.
But this thin veil of decency was soon dropped entirely. Ripping-off the
System found its own justification in deep alienation and a basic outlaw
contempt for conventional bourgeois values. Ingenious, vaguely politicized
varieties of rip-off, which might be described as "anarchy by
convenience," became very popular in Yippie circles, and because ripoff
was so useful, it was to survive the Yippie movement itself.
In the early 1970s, it required fairly limited expertise and ingenuity to
cheat payphones, to divert "free" electricity and gas service, or to rob
vending machines and parking meters for handy pocket change. It also
required a conspiracy to spread this knowledge, and the gall and nerve
actually to commit petty theft, but the Yippies had these qualifications
in plenty. In June 1971, Abbie Hoffman and a telephone enthusiast sarcastically
known as "Al Bell" began publishing a newsletter called
*Youth International Party Line.* This newsletter was dedicated to collating
and spreading Yippie rip-off techniques, especially of phones, to
the joy of the freewheeling underground and the insensate rage of all
straight people.
As a political tactic, phone-service theft ensured that Yippie advocates
would always have ready access to the long-distance telephone as a
medium, despite the Yippies' chronic lack of organization, discipline,
money, or even a steady home address.
*Party Line* was run out of Greenwich Village for a couple of years,
then "Al Bell" more or less defected from the faltering ranks of
Yippiedom, changing the newsletter's name to *TAP* or *Technical
Assistance Program.* After the Vietnam War ended, the steam began
leaking rapidly out of American radical dissent. But by this time, "Bell"
and his dozen or so core contributors had the bit between their teeth,
and had begun to derive tremendous gut-level satisfaction from the sensation
of pure *technical power.* *TAP* articles, once highly politicized, became pitilessly jargonized
and technical, in homage or parody to the Bell System's own technical
documents, which *TAP* studied closely, gutted, and reproduced without
permission. The *TAP* elite revelled in gloating possession of the specialized
knowledge necessary to beat the system.
"Al Bell" dropped out of the game by the late 70s, and "Tom Edison" took
over; TAP readers (some 1400 of them, all told) now began to show
more interest in telex switches and the growing phenomenon of computer
systems.
In 1983, "Tom Edison" had his computer stolen and his house set on fire
by an arsonist. This was an eventually mortal blow to *TAP* (though
the legendary name was to be resurrected in 1990 by a young
Kentuckian computer- outlaw named "Predat0r.")
_____
Ever since telephones began to make money, there have been people
willing to rob and defraud phone companies. The legions of petty phone
thieves vastly outnumber those "phone phreaks" who "explore the system"
for the sake of the intellectual challenge. The New York metropolitan
area (long in the vanguard of American crime) claims over
150,000 physical attacks on pay telephones every year! Studied carefully,
a modern payphone reveals itself as a little fortress, carefully
designed and redesigned over generations, to resist coin- slugs, zaps of
electricity, chunks of coin-shaped ice, prybars, magnets, lockpicks,
blasting caps. Public pay- phones must survive in a world of unfriendly,
greedy people, and a modern payphone is as exquisitely evolved as a
cactus.
Because the phone network pre-dates the computer network, the
scofflaws known as "phone phreaks" pre-date the scofflaws known as
"computer hackers." In practice, today, the line between "phreaking"
and "hacking" is very blurred, just as the distinction between telephones
and computers has blurred. The phone system has been digitized,
and computers have learned to "talk" over phone-lines. What's worse
— and this was the point of the Mr. Jenkins of the Secret Service — some hackers have learned to steal, and some thieves have learned to hack.
Despite the blurring, one can still draw a few useful behavioral distinctions
between "phreaks" and "hackers." Hackers are intensely interested
in the "system" per se, and enjoy relating to machines. "Phreaks" are
more social, manipulating the system in a rough-and-ready fashion in
order to get through to other human beings, fast, cheap and under the
table.
Phone phreaks love nothing so much as "bridges," illegal conference
calls of ten or twelve chatting conspirators, seaboard to seaboard, lasting
for many hours — and running, of course, on somebody else's tab,
preferably a large corporation's.
As phone-phreak conferences wear on, people drop out (or simply leave
the phone off the hook, while they sashay off to work or school or
babysitting), and new people are phoned up and invited to join in, from
some other continent, if possible. Technical trivia, boasts, brags, lies,
head-trip deceptions, weird rumors, and cruel gossip are all freely
exchanged.
The lowest rung of phone-phreaking is the theft of telephone access
codes. Charging a phone call to somebody else's stolen number is, of
course, a pig-easy way of stealing phone service, requiring practically
no technical expertise. This practice has been very widespread, especially
among lonely people without much money who are far from home.
Code theft has flourished especially in college dorms, military bases,
and, notoriously, among roadies for rock bands. Of late, code theft has
spread very rapidly among Third Worlders in the US, who pile up enormous
unpaid long-distance bills to the Caribbean, South America, and
Pakistan.
The simplest way to steal phone-codes is simply to look over a victim's
shoulder as he punches-in his own code-number on a public payphone.
This technique is known as "shoulder-surfing," and is especially common
in airports, bus terminals, and train stations. The code is then sold
by the thief for a few dollars. The buyer abusing the code has no computer
expertise, but calls his Mom in New York, Kingston or Caracas and runs up a huge bill with impunity. The losses from this primitive
phreaking activity are far, far greater than the monetary losses caused
by computer-intruding hackers.
In the mid-to-late 1980s, until the introduction of sterner telco security
measures, *computerized* code theft worked like a charm, and was
virtually omnipresent throughout the digital underground, among
phreaks and hackers alike. This was accomplished through programming
one's computer to try random code numbers over the telephone
until one of them worked. Simple programs to do this were widely
available in the underground; a computer running all night was likely to
come up with a dozen or so useful hits. This could be repeated week
after week until one had a large library of stolen codes.
Nowadays, the computerized dialling of hundreds of numbers can be
detected within hours and swiftly traced. If a stolen code is repeatedly
abused, this too can be detected within a few hours. But for years in the
1980s, the publication of stolen codes was a kind of elementary etiquette
for fledgling hackers. The simplest way to establish your bonafides
as a raider was to steal a code through repeated random dialling and
offer it to the "community" for use. Codes could be both stolen, and
used, simply and easily from the safety of one's own bedroom, with very
little fear of detection or punishment.
Before computers and their phone-line modems entered American homes
in gigantic numbers, phone phreaks had their own special telecommunications
hardware gadget, the famous "blue box." This fraud device (now
rendered increasingly useless by the digital evolution of the phone system)
could trick switching systems into granting free access to longdistance
lines. It did this by mimicking the system's own signal, a tone
of 2600 hertz.
Steven Jobs and Steve Wozniak, the founders of Apple Computer, Inc.,
once dabbled in selling blue-boxes in college dorms in California. For
many, in the early days of phreaking, blue-boxing was scarcely perceived
as "theft," but rather as a fun (if sneaky) way to use excess
phone capacity harmlessly. After all, the long-distance lines were
*just sitting there*.... Whom did it hurt, really? If you're not *damaging* the system, and you're not *using up any tangible resource,*
and if nobody *finds out* what you did, then what real harm have you
done? What exactly *have* you "stolen," anyway? If a tree falls in the
forest and nobody hears it, how much is the noise worth? Even now this
remains a rather dicey question.
Blue-boxing was no joke to the phone companies, however. Indeed,
when *Ramparts* magazine, a radical publication in California, printed
the wiring schematics necessary to create a mute box in June 1972,
the magazine was seized by police and Pacific Bell phone- company officials.
The mute box, a blue-box variant, allowed its user to receive
long-distance calls free of charge to the caller. This device was closely
described in a *Ramparts* article wryly titled "Regulating the Phone
Company In Your Home." Publication of this article was held to be in
violation of Californian State Penal Code section 502.7, which outlaws
ownership of wire-fraud devices and the selling of "plans or instructions
for any instrument, apparatus, or device intended to avoid telephone
toll charges."
Issues of *Ramparts* were recalled or seized on the newsstands, and the
resultant loss of income helped put the magazine out of business. This
was an ominous precedent for free-expression issues, but the telco's
crushing of a radical-fringe magazine passed without serious challenge
at the time. Even in the freewheeling California 1970s, it was widely
felt that there was something sacrosanct about what the phone company
knew; that the telco had a legal and moral right to protect itself by shutting
off the flow of such illicit information. Most telco information was
so "specialized" that it would scarcely be understood by any honest
member of the public. If not published, it would not be missed. To
print such material did not seem part of the legitimate role of a free
press.
In 1990 there would be a similar telco-inspired attack on the electronic
phreak/hacking "magazine" *Phrack.* The *Phrack* legal case
became a central issue in the Hacker Crackdown, and gave rise to great
controversy. *Phrack* would also be shut down, for a time, at least,
but this time both the telcos and their law-enforcement allies would pay
a much larger price for their actions. The *Phrack* case will be examined in detail, later.
Phone-phreaking as a social practice is still very much alive at this
moment. Today, phone-phreaking is thriving much more vigorously
than the better-known and worse-feared practice of "computer hacking."
New forms of phreaking are spreading rapidly, following new
vulnerabilities in sophisticated phone services.
Cellular phones are especially vulnerable; their chips can be re-programmed
to present a false caller ID and avoid billing. Doing so also
avoids police tapping, making cellular-phone abuse a favorite among
drug-dealers. "Call-sell operations" using pirate cellular phones can,
and have, been run right out of the backs of cars, which move from
"cell" to "cell" in the local phone system, retailing stolen long-distance
service, like some kind of demented electronic version of the neighborhood
ice-cream truck.
Private branch-exchange phone systems in large corporations can be
penetrated; phreaks dial-up a local company, enter its internal phonesystem,
hack it, then use the company's own PBX system to dial back out
over the public network, causing the company to be stuck with the
resulting long-distance bill. This technique is known as "diverting."
"Diverting" can be very costly, especially because phreaks tend to
travel in packs and never stop talking. Perhaps the worst by-product
of this "PBX fraud" is that victim companies and telcos have sued one
another over the financial responsibility for the stolen calls, thus
enriching not only shabby phreaks but well-paid lawyers.
"Voice-mail systems" can also be abused; phreaks can seize their own
sections of these sophisticated electronic answering machines, and use
them for trading codes or knowledge of illegal techniques. Voice-mail
abuse does not hurt the company directly, but finding supposedly empty
slots in your company's answering machine all crammed with phreaks
eagerly chattering and hey-duding one another in impenetrable jargon
can cause sensations of almost mystical repulsion and dread.
Worse yet, phreaks have sometimes been known to react truculently to
attempts to "clean up" the voice-mail system. Rather than humbly acquiescing to being thrown out of their playground, they may very well
call up the company officials at work (or at home) and loudly demand
free voice-mail addresses of their very own. Such bullying is taken
very seriously by spooked victims.
Acts of phreak revenge against straight people are rare, but voice-mail
systems are especially tempting and vulnerable, and an infestation of
angry phreaks in one's voice-mail system is no joke. They can erase
legitimate messages; or spy on private messages; or harass users with
recorded taunts and obscenities. They've even been known to seize control
of voice-mail security, and lock out legitimate users, or even shut
down the system entirely.
Cellular phone-calls, cordless phones, and ship-to- shore telephony
can all be monitored by various forms of radio; this kind of "passive
monitoring" is spreading explosively today. Technically eavesdropping
on other people's cordless and cellular phone-calls is the fastestgrowing
area in phreaking today. This practice strongly appeals to the
lust for power and conveys gratifying sensations of technical superiority
over the eavesdropping victim. Monitoring is rife with all manner of
tempting evil mischief. Simple prurient snooping is by far the most
common activity. But credit-card numbers unwarily spoken over the
phone can be recorded, stolen and used. And tapping people's phone-calls
(whether through active telephone taps or passive radio monitors) does
lend itself conveniently to activities like blackmail, industrial espionage,
and political dirty tricks.
It should be repeated that telecommunications fraud, the theft of phone
service, causes vastly greater monetary losses than the practice of
entering into computers by stealth. Hackers are mostly young suburban
American white males, and exist in their hundreds — but "phreaks"
come from both sexes and from many nationalities, ages and ethnic
backgrounds, and are flourishing in the thousands.
_____
The term "hacker" has had an unfortunate history. This book, *The
Hacker Crackdown,* has little to say about "hacking" in its finer, original
sense. The term can signify the free-wheeling intellectual exploration of the highest and deepest potential of computer systems.
Hacking can describe the determination to make access to computers and
information as free and open as possible. Hacking can involve the
heartfelt conviction that beauty can be found in computers, that the fine
aesthetic in a perfect program can liberate the mind and spirit. This is
"hacking" as it was defined in Steven Levy's much-praised history of the
pioneer computer milieu, *Hackers,* published in 1984.
Hackers of all kinds are absolutely soaked through with heroic antibureaucratic
sentiment. Hackers long for recognition as a praiseworthy
cultural archetype, the postmodern electronic equivalent of the cowboy
and mountain man. Whether they deserve such a reputation is something
for history to decide. But many hackers — including those outlaw
hackers who are computer intruders, and whose activities are defined as
criminal — actually attempt to *live up to* this techno-cowboy reputation.
And given that electronics and telecommunications are still largely
unexplored territories, there is simply *no telling* what hackers
might uncover.
For some people, this freedom is the very breath of oxygen, the inventive
spontaneity that makes life worth living and that flings open doors
to marvellous possibility and individual empowerment. But for many
people — and increasingly so — the hacker is an ominous figure, a
smart- aleck sociopath ready to burst out of his basement wilderness
and savage other people's lives for his own anarchical convenience.
Any form of power without responsibility, without direct and formal
checks and balances, is frightening to people — and reasonably so. It
should be frankly admitted that hackers *are* frightening, and that the
basis of this fear is not irrational.
Fear of hackers goes well beyond the fear of merely criminal activity.
Subversion and manipulation of the phone system is an act with disturbing
political overtones. In America, computers and telephones are
potent symbols of organized authority and the technocratic business
elite. But there is an element in American culture that has always strongly
rebelled against these symbols; rebelled against all large industrial
computers and all phone companies. A certain anarchical tinge deep in
the American soul delights in causing confusion and pain to all bureaucracies,
including technological ones.
There is sometimes malice and vandalism in this attitude, but it is a
deep and cherished part of the American national character. The outlaw,
the rebel, the rugged individual, the pioneer, the sturdy Jeffersonian
yeoman, the private citizen resisting interference in his pursuit of
happiness — these are figures that all Americans recognize, and that
many will strongly applaud and defend.
Many scrupulously law-abiding citizens today do cutting-edge work
with electronics — work that has already had tremendous social influence
and will have much more in years to come. In all truth, these talented,
hardworking, law-abiding, mature, adult people are far more
disturbing to the peace and order of the current status quo than any
scofflaw group of romantic teenage punk kids. These law-abiding hackers
have the power, ability, and willingness to influence other people's
lives quite unpredictably. They have means, motive, and opportunity to
meddle drastically with the American social order. When corralled
into governments, universities, or large multinational companies, and
forced to follow rulebooks and wear suits and ties, they at least have
some conventional halters on their freedom of action. But when loosed
alone, or in small groups, and fired by imagination and the entrepreneurial
spirit, they can move mountains — causing landslides that will
likely crash directly into your office and living room.
These people, as a class, instinctively recognize that a public, politicized
attack on hackers will eventually spread to them — that the term
"hacker," once demonized, might be used to knock their hands off the
levers of power and choke them out of existence. There are hackers
today who fiercely and publicly resist any besmirching of the noble title
of hacker. Naturally and understandably, they deeply resent the attack
on their values implicit in using the word "hacker" as a synonym for
computer-criminal. This book, sadly but in my opinion unavoidably, rather adds to the
degradation of the term. It concerns itself mostly with "hacking" in its
commonest latter-day definition, i.e., intruding into computer systems
by stealth and without permission.
The term "hacking" is used routinely today by almost all law enforcement
officials with any professional interest in computer fraud and
abuse. American police describe almost any crime committed with, by,
through, or against a computer as hacking.
Most importantly, "hacker" is what computer- intruders choose to call
*themselves.* Nobody who "hacks" into systems willingly describes
himself (rarely, herself) as a "computer intruder," "computer trespasser,"
"cracker," "wormer," "darkside hacker" or "high tech street
gangster." Several other demeaning terms have been invented in the
hope that the press and public will leave the original sense of the word
alone. But few people actually use these terms. (I exempt the term
"cyberpunk," which a few hackers and law enforcement people actually
do use. The term "cyberpunk" is drawn from literary criticism and has
some odd and unlikely resonances, but, like hacker, cyberpunk too has
become a criminal pejorative today.)
In any case, breaking into computer systems was hardly alien to the
original hacker tradition. The first tottering systems of the 1960s
required fairly extensive internal surgery merely to function day-byday.
Their users "invaded" the deepest, most arcane recesses of their
operating software almost as a matter of routine. "Computer security"
in these early, primitive systems was at best an afterthought. What
security there was, was entirely physical, for it was assumed that anyone
allowed near this expensive, arcane hardware would be a fully qualified
professional expert.
In a campus environment, though, this meant that grad students, teaching
assistants, undergraduates, and eventually, all manner of dropouts
and hangers-on ended up accessing and often running the works.
Universities, even modern universities, are not in the business of
maintaining security over information. On the contrary, universities, as institutions, pre-date the "information economy" by many centuries
and are not- for-profit cultural entities, whose reason for existence
(purportedly) is to discover truth, codify it through techniques of
scholarship, and then teach it. Universities are meant to *pass the
torch of civilization,* not just download data into student skulls, and the
values of the academic community are strongly at odds with those of all
would-be information empires. Teachers at all levels, from kindergarten
up, have proven to be shameless and persistent software and data
pirates. Universities do not merely "leak information" but vigorously
broadcast free thought.
This clash of values has been fraught with controversy. Many hackers
of the 1960s remember their professional apprenticeship as a long
guerilla war against the uptight mainframe-computer "information
priesthood." These computer-hungry youngsters had to struggle hard
for access to computing power, and many of them were not above certain,
er, shortcuts. But, over the years, this practice freed computing
from the sterile reserve of lab-coated technocrats and was largely
responsible for the explosive growth of computing in general society —
especially *personal* computing.
Access to technical power acted like catnip on certain of these youngsters.
Most of the basic techniques of computer intrusion: password
cracking, trapdoors, backdoors, trojan horses — were invented in college
environments in the 1960s, in the early days of network computing.
Some off-the-cuff experience at computer intrusion was to be in
the informal resume of most "hackers" and many future industry giants.
Outside of the tiny cult of computer enthusiasts, few people thought
much about the implications of "breaking into" computers. This sort of
activity had not yet been publicized, much less criminalized.
In the 1960s, definitions of "property" and "privacy" had not yet been
extended to cyberspace. Computers were not yet indispensable to society.
There were no vast databanks of vulnerable, proprietary information
stored in computers, which might be accessed, copied without permission,
erased, altered, or sabotaged. The stakes were low in the early
days — but they grew every year, exponentially, as computers themselves
grew. By the 1990s, commercial and political pressures had become overwhelming,
and they broke the social boundaries of the hacking subculture.
Hacking had become too important to be left to the hackers.
Society was now forced to tackle the intangible nature of cyberspaceas-
property, cyberspace as privately-owned unreal-estate. In the
new, severe, responsible, high- stakes context of the "Information
Society" of the 1990s, "hacking" was called into question.
What did it mean to break into a computer without permission and use
its computational power, or look around inside its files without hurting
anything? What were computer-intruding hackers, anyway — how
should society, and the law, best define their actions? Were they just
*browsers,* harmless intellectual explorers? Were they *voyeurs,*
snoops, invaders of privacy? Should they be sternly treated as potential
*agents of espionage,* or perhaps as *industrial spies?* Or were they
best defined as *trespassers,* a very common teenage misdemeanor?
Was hacking *theft of service?* (After all, intruders were getting
someone else's computer to carry out their orders, without permission
and without paying). Was hacking *fraud?* Maybe it was best
described as *impersonation.* The commonest mode of computer intrusion
was (and is) to swipe or snoop somebody else's password, and then
enter the computer in the guise of another person — who is commonly
stuck with the blame and the bills.
Perhaps a medical metaphor was better — hackers should be defined as
"sick," as *computer addicts* unable to control their irresponsible,
compulsive behavior.
But these weighty assessments meant little to the people who were actually
being judged. From inside the underground world of hacking itself,
all these perceptions seem quaint, wrongheaded, stupid, or meaningless.
The most important self-perception of underground hackers — from the
1960s, right through to the present day — is that they are an *elite.*
The day-to-day struggle in the underground is not over sociological definitions
— who cares? — but for power, knowledge, and status among
one's peers. When you are a hacker, it is your own inner conviction of your elite
status that enables you to break, or let us say "transcend," the rules. It
is not that *all* rules go by the board. The rules habitually broken by
hackers are *unimportant* rules — the rules of dopey greedhead telco
bureaucrats and pig-ignorant government pests.
Hackers have their *own* rules, which separate behavior which is cool
and elite, from behavior which is rodentlike, stupid and losing. These
"rules," however, are mostly unwritten and enforced by peer pressure
and tribal feeling. Like all rules that depend on the unspoken conviction
that everybody else is a good old boy, these rules are ripe for abuse. The
mechanisms of hacker peer- pressure, "teletrials" and ostracism, are
rarely used and rarely work. Back-stabbing slander, threats, and electronic
harassment are also freely employed in down- and-dirty intrahacker
feuds, but this rarely forces a rival out of the scene entirely.
The only real solution for the problem of an utterly losing, treacherous
and rodentlike hacker is to *turn him in to the police.* Unlike the
Mafia or Medellin Cartel, the hacker elite cannot simply execute the
bigmouths, creeps and troublemakers among their ranks, so they turn
one another in with astonishing frequency.
There is no tradition of silence or *omerta* in the hacker underworld.
Hackers can be shy, even reclusive, but when they do talk, hackers tend
to brag, boast and strut. Almost everything hackers do is *invisible;*
if they don't brag, boast, and strut about it, then *nobody will ever
know.* If you don't have something to brag, boast, and strut about, then
nobody in the underground will recognize you and favor you with vital
cooperation and respect.
The way to win a solid reputation in the underground is by telling other
hackers things that could only have been learned by exceptional cunning
and stealth. Forbidden knowledge, therefore, is the basic currency of the
digital underground, like seashells among Trobriand Islanders. Hackers
hoard this knowledge, and dwell upon it obsessively, and refine it, and
bargain with it, and talk and talk about it.
Many hackers even suffer from a strange obsession to *teach* — to
spread the ethos and the knowledge of the digital underground. They'll do this even when it gains them no particular advantage and presents a
grave personal risk.
And when that risk catches up with them, they will go right on teaching
and preaching — to a new audience this time, their interrogators from
law enforcement. Almost every hacker arrested tells everything he
knows — all about his friends, his mentors, his disciples — legends,
threats, horror stories, dire rumors, gossip, hallucinations. This is, of
course, convenient for law enforcement — except when law enforcement
begins to believe hacker legendry.
Phone phreaks are unique among criminals in their willingness to call
up law enforcement officials — in the office, at their homes — and give
them an extended piece of their mind. It is hard not to interpret this as
*begging for arrest,* and in fact it is an act of incredible foolhardiness.
Police are naturally nettled by these acts of chutzpah and will go well
out of their way to bust these flaunting idiots. But it can also be interpreted
as a product of a world-view so elitist, so closed and hermetic,
that electronic police are simply not perceived as "police," but rather
as *enemy phone phreaks* who should be scolded into behaving "decently."
Hackers at their most grandiloquent perceive themselves as the elite
pioneers of a new electronic world. Attempts to make them obey the
democratically established laws of contemporary American society are
seen as repression and persecution. After all, they argue, if Alexander
Graham Bell had gone along with the rules of the Western Union telegraph
company, there would have been no telephones. If Jobs and
Wozniak had believed that IBM was the be-all and end-all, there would
have been no personal computers. If Benjamin Franklin and Thomas
Jefferson had tried to "work within the system" there would have been
no United States.
Not only do hackers privately believe this as an article of faith, but they
have been known to write ardent manifestos about it. Here are some
revealing excerpts from an especially vivid hacker manifesto: "The
Techno- Revolution" by "Dr. Crash," which appeared in electronic
form in *Phrack* Volume 1, Issue 6, Phile 3. "To fully explain the true motives behind hacking, we must first take a
quick look into the past. In the 1960s, a group of MIT students built the
first modern computer system. This wild, rebellious group of young
men were the first to bear the name 'hackers.' The systems that they
developed were intended to be used to solve world problems and to benefit
all of mankind. "As we can see, this has not been the case. The computer
system has been solely in the hands of big businesses and the government.
The wonderful device meant to enrich life has become a
weapon which dehumanizes people. To the government and large businesses,
people are no more than disk space, and the government doesn't
use computers to arrange aid for the poor, but to control nuclear death
weapons. The average American can only have access to a small microcomputer
which is worth only a fraction of what they pay for it. The
businesses keep the true state-of-the-art equipment away from the
people behind a steel wall of incredibly high prices and bureaucracy. It
is because of this state of affairs that hacking was born.(...) "Of course,
the government doesn't want the monopoly of technology broken, so they
have outlawed hacking and arrest anyone who is caught.(...) The phone
company is another example of technology abused and kept from people
with high prices.(...) "Hackers often find that their existing equipment,
due to the monopoly tactics of computer companies, is inefficient for
their purposes. Due to the exorbitantly high prices, it is impossible to
legally purchase the necessary equipment. This need has given still
another segment of the fight: Credit Carding. Carding is a way of
obtaining the necessary goods without paying for them. It is again due to
the companies' stupidity that Carding is so easy, and shows that the
world's businesses are in the hands of those with considerably less
technical know-how than we, the hackers. (...) "Hacking must continue.
We must train newcomers to the art of hacking.(....) And whatever you
do, continue the fight. Whether you know it or not, if you are a hacker,
you are a revolutionary. Don't worry, you're on the right side."
The defense of "carding" is rare. Most hackers regard credit-card theft
as "poison" to the underground, a sleazy and immoral effort that, worse
yet, is hard to get away with. Nevertheless, manifestos advocating
credit- card theft, the deliberate crashing of computer systems, and
even acts of violent physical destruction such as vandalism and arson do exist in the underground. These boasts and threats are taken quite seriously
by the police. And not every hacker is an abstract, Platonic computer-
nerd. Some few are quite experienced at picking locks, robbing
phone-trucks, and breaking and entering buildings.
Hackers vary in their degree of hatred for authority and the violence of
their rhetoric. But, at a bottom line, they are scofflaws. They don't
regard the current rules of electronic behavior as respectable efforts to
preserve law and order and protect public safety. They regard these
laws as immoral efforts by soulless corporations to protect their profit
margins and to crush dissidents. "Stupid" people, including police,
businessmen, politicians, and journalists, simply have no right to judge
the actions of those possessed of genius, techno-revolutionary intentions,
and technical expertise.
_____
Hackers are generally teenagers and college kids not engaged in earning a
living. They often come from fairly well-to-do middle-class backgrounds,
and are markedly anti-materialistic (except, that is, when it
comes to computer equipment). Anyone motivated by greed for mere
money (as opposed to the greed for power, knowledge and status) is
swiftly written-off as a narrow- minded breadhead whose interests can
only be corrupt and contemptible. Having grown up in the 1970s and
1980s, the young Bohemians of the digital underground regard straight
society as awash in plutocratic corruption, where everyone from the
President down is for sale and whoever has the gold makes the rules.
Interestingly, there's a funhouse-mirror image of this attitude on the
other side of the conflict. The police are also one of the most markedly
anti-materialistic groups in American society, motivated not by mere
money but by ideals of service, justice, esprit-de-corps, and, of
course, their own brand of specialized knowledge and power.
Remarkably, the propaganda war between cops and hackers has always
involved angry allegations that the other side is trying to make a sleazy
buck. Hackers consistently sneer that anti-phreak prosecutors are
angling for cushy jobs as telco lawyers and that computer- crime police
are aiming to cash in later as well-paid computer-security consultants
in the private sector For their part, police publicly conflate all hacking crimes with robbing
payphones with crowbars. Allegations of "monetary losses" from computer
intrusion are notoriously inflated. The act of illicitly copying a
document from a computer is morally equated with directly robbing a
company of, say, half a million dollars. The teenage computer intruder
in possession of this "proprietary" document has certainly not sold it
for such a sum, would likely have little idea how to sell it at all, and
quite probably doesn't even understand what he has. He has not made a
cent in profit from his felony but is still morally equated with a thief
who has robbed the church poorbox and lit out for Brazil.
Police want to believe that all hackers are thieves. It is a tortuous and
almost unbearable act for the American justice system to put people in
jail because they want to learn things which are forbidden for them to
know. In an American context, almost any pretext for punishment is
better than jailing people to protect certain restricted kinds of information.
Nevertheless, *policing information* is part and parcel of the
struggle against hackers.
This dilemma is well exemplified by the remarkable activities of
"Emmanuel Goldstein," editor and publisher of a print magazine known
as *2600: The Hacker Quarterly.* Goldstein was an English major at
Long Island's State University of New York in the '70s, when he became
involved with the local college radio station. His growing interest in
electronics caused him to drift into Yippie *TAP* circles and thus into
the digital underground, where he became a self-described techno- rat.
His magazine publishes techniques of computer intrusion and telephone
"exploration" as well as gloating exposes of telco misdeeds and governmental
failings.
Goldstein lives quietly and very privately in a large, crumbling
Victorian mansion in Setauket, New York. The seaside house is decorated
with telco decals, chunks of driftwood, and the basic bric-a-brac of a
hippie crash-pad. He is unmarried, mildly unkempt, and survives
mostly on TV dinners and turkey-stuffing eaten straight out of the bag.
Goldstein is a man of considerable charm and fluency, with a brief, disarming
smile and the kind of pitiless, stubborn, thoroughly recidivist integrity that America's electronic police find genuinely alarming.
Goldstein took his nom-de-plume, or "handle," from a character in
Orwell's *1984,* which may be taken, correctly, as a symptom of the
gravity of his sociopolitical worldview. He is not himself a practicing
computer intruder, though he vigorously abets these actions, especially
when they are pursued against large corporations or governmental
agencies. Nor is he a thief, for he loudly scorns mere theft of phone
service, in favor of 'exploring and manipulating the system.' He is
probably best described and understood as a *dissident.*
Weirdly, Goldstein is living in modern America under conditions very
similar to those of former East European intellectual dissidents. In
other words, he flagrantly espouses a value-system that is deeply and
irrevocably opposed to the system of those in power and the police. The
values in *2600* are generally expressed in terms that are ironic,
sarcastic, paradoxical, or just downright confused. But there's no mistaking
their radically anti-authoritarian tenor. *2600* holds that
technical power and specialized knowledge, of any kind obtainable,
belong by right in the hands of those individuals brave and bold enough
to discover them — by whatever means necessary. Devices, laws, or
systems that forbid access, and the free spread of knowledge, are provocations
that any free and self-respecting hacker should relentlessly
attack. The "privacy" of governments, corporations and other soulless
technocratic organizations should never be protected at the expense of
the liberty and free initiative of the individual techno-rat.
However, in our contemporary workaday world, both governments and
corporations are very anxious indeed to police information which is
secret, proprietary, restricted, confidential, copyrighted, patented,
hazardous, illegal, unethical, embarrassing, or otherwise sensitive.
This makes Goldstein persona non grata, and his philosophy a threat.
Very little about the conditions of Goldstein's daily life would astonish,
say, Vaclav Havel. (We may note in passing that President Havel once
had his word-processor confiscated by the Czechoslovak police.)
Goldstein lives by *samizdat,* acting semi-openly as a data-center for
the underground, while challenging the powers-that-be to abide by their own stated rules: freedom of speech and the First Amendment.
Goldstein thoroughly looks and acts the part of techno-rat, with shoulder-
length ringlets and a piratical black fisherman's-cap set at a rakish
angle. He often shows up like Banquo's ghost at meetings of computer
professionals, where he listens quietly, half-smiling and taking thorough
notes.
Computer professionals generally meet publicly, and find it very difficult
to rid themselves of Goldstein and his ilk without extralegal and
unconstitutional actions. Sympathizers, many of them quite respectable
people with responsible jobs, admire Goldstein's attitude and surreptitiously
pass him information. An unknown but presumably large proportion
of Goldstein's 2,000-plus readership are telco security personnel
and police, who are forced to subscribe to *2600* to stay
abreast of new developments in hacking. They thus find themselves
*paying this guy's rent* while grinding their teeth in anguish, a situation
that would have delighted Abbie Hoffman (one of Goldstein's few
idols).
Goldstein is probably the best-known public representative of the
hacker underground today, and certainly the best-hated. Police regard
him as a Fagin, a corrupter of youth, and speak of him with untempered
loathing. He is quite an accomplished gadfly.
After the Martin Luther King Day Crash of 1990, Goldstein, for
instance, adeptly rubbed salt into the wound in the pages of *2600.*
"Yeah, it was fun for the phone phreaks as we watched the network
crumble," he admitted cheerfully. "But it was also an ominous sign of
what's to come... Some AT&T people, aided by well-meaning but ignorant
media, were spreading the notion that many companies had the same
software and therefore could face the same problem someday. Wrong.
This was entirely an AT&T software deficiency. Of course, other companies
could face entirely *different* software problems. But then, so too
could AT&T."
After a technical discussion of the system's failings, the Long Island
techno-rat went on to offer thoughtful criticism to the gigantic multinational's hundreds of professionally qualified engineers. "What we
don't know is how a major force in communications like AT&T could be
so sloppy. What happened to backups? Sure, computer systems go down
all the time, but people making phone calls are not the same as people
logging on to computers. We must make that distinction. It's not
acceptable for the phone system or any other essential service to 'go
down.' If we continue to trust technology without understanding it, we
can look forward to many variations on this theme. "AT&T owes it to its
customers to be prepared to *instantly* switch to another network if
something strange and unpredictable starts occurring. The news here
isn't so much the failure of a computer program, but the failure of
AT&T's entire structure."
The very idea of this.... this *person*.... offering "advice" about
"AT&T's entire structure" is more than some people can easily bear.
How dare this near-criminal dictate what is or isn't "acceptable"
behavior from AT&T? Especially when he's publishing, in the very same
issue, detailed schematic diagrams for creating various switching-network
signalling tones unavailable to the public.
"See what happens when you drop a 'silver box' tone or two down your
local exchange or through different long distance service carriers,"
advises *2600* contributor "Mr. Upsetter" in "How To Build a Signal
Box." "If you experiment systematically and keep good records, you will
surely discover something interesting."
This is, of course, the scientific method, generally regarded as a praiseworthy
activity and one of the flowers of modern civilization. One can
indeed learn a great deal with this sort of structured intellectual activity.
Telco employees regard this mode of "exploration" as akin to flinging
sticks of dynamite into their pond to see what lives on the bottom.
*2600* has been published consistently since 1984. It has also run a
bulletin board computer system, printed *2600* T-shirts, taken fax
calls... The Spring 1991 issue has an interesting announcement on page
45: "We just discovered an extra set of wires attached to our fax line
and heading up the pole. (They've since been clipped.) Your faxes to us
and to anyone else could be monitored." In the worldview of *2600,* the tiny band of techno- rat brothers
(rarely, sisters) are a beseiged vanguard of the truly free and honest.
The rest of the world is a maelstrom of corporate crime and high-level
governmental corruption, occasionally tempered with well-meaning
ignorance. To read a few issues in a row is to enter a nightmare akin to
Solzhenitsyn's, somewhat tempered by the fact that *2600* is often
extremely funny.
Goldstein did not become a target of the Hacker Crackdown, though he
protested loudly, eloquently, and publicly about it, and it added considerably
to his fame. It was not that he is not regarded as dangerous,
because he is so regarded. Goldstein has had brushes with the law in the
past: in 1985, a *2600* bulletin board computer was seized by the
FBI, and some software on it was formally declared "a burglary tool in
the form of a computer program." But Goldstein escaped direct repression
in 1990, because his magazine is printed on paper, and recognized
as subject to Constitutional freedom of the press protection. As was seen
in the *Ramparts* case, this is far from an absolute guarantee. Still,
as a practical matter, shutting down *2600* by court-order would
create so much legal hassle that it is simply unfeasible, at least for the
present. Throughout 1990, both Goldstein and his magazine were
peevishly thriving.
Instead, the Crackdown of 1990 would concern itself with the computerized
version of forbidden data. The crackdown itself, first and foremost,
was about *bulletin board systems.* Bulletin Board Systems,
most often known by the ugly and un-pluralizable acronym "BBS," are
the life-blood of the digital underground. Boards were also central to
law enforcement's tactics and strategy in the Hacker Crackdown.
A "bulletin board system" can be formally defined as a computer which
serves as an information and message- passing center for users dialingup
over the phone-lines through the use of modems. A "modem," or
modulator- demodulator, is a device which translates the digital
impulses of computers into audible analog telephone signals, and vice
versa. Modems connect computers to phones and thus to each other Large-scale mainframe computers have been connected since the
1960s, but *personal* computers, run by individuals out of their
homes, were first networked in the late 1970s. The "board" created by
Ward Christensen and Randy Suess in February 1978, in Chicago,
Illinois, is generally regarded as the first personal-computer bulletin
board system worthy of the name.
Boards run on many different machines, employing many different kinds
of software. Early boards were crude and buggy, and their managers,
known as "system operators" or "sysops," were hard-working technical
experts who wrote their own software. But like most everything else in
the world of electronics, boards became faster, cheaper, betterdesigned,
and generally far more sophisticated throughout the 1980s.
They also moved swiftly out of the hands of pioneers and into those of the
general public. By 1985 there were something in the neighborhood of
4,000 boards in America. By 1990 it was calculated, vaguely, that
there were about 30,000 boards in the US, with uncounted thousands
overseas.
Computer bulletin boards are unregulated enterprises. Running a board
is a rough-and-ready, catch- as-catch-can proposition. Basically,
anybody with a computer, modem, software and a phone-line can start a
board. With second-hand equipment and public-domain free software,
the price of a board might be quite small — less than it would take to
publish a magazine or even a decent pamphlet. Entrepreneurs eagerly
sell bulletin- board software, and will coach nontechnical amateur
sysops in its use.
Boards are not "presses." They are not magazines, or libraries, or
phones, or CB radios, or traditional cork bulletin boards down at the
local laundry, though they have some passing resemblance to those earlier
media. Boards are a new medium — they may even be a *large number*
of new media.
Consider these unique characteristics: boards are cheap, yet they can
have a national, even global reach. Boards can be contacted from anywhere
in the global telephone network, at *no cost* to the person running
the board — the caller pays the phone bill, and if the caller is local, the call is free. Boards do not involve an editorial elite addressing a
mass audience. The "sysop" of a board is not an exclusive publisher or
writer — he is managing an electronic salon, where individuals can
address the general public, play the part of the general public, and also
exchange private mail with other individuals. And the "conversation" on
boards, though fluid, rapid, and highly interactive, is not spoken, but
written. It is also relatively anonymous, sometimes completely so.
And because boards are cheap and ubiquitous, regulations and licensing
requirements would likely be practically unenforceable. It would
almost be easier to "regulate" "inspect" and "license" the content of
private mail — probably more so, since the mail system is operated by
the federal government. Boards are run by individuals, independently,
entirely at their own whim.
For the sysop, the cost of operation is not the primary limiting factor.
Once the investment in a computer and modem has been made, the only
steady cost is the charge for maintaining a phone line (or several phone
lines). The primary limits for sysops are time and energy. Boards
require upkeep. New users are generally "validated" — they must be
issued individual passwords, and called at home by voice-phone, so that
their identity can be verified. Obnoxious users, who exist in plenty,
must be chided or purged. Proliferating messages must be deleted when
they grow old, so that the capacity of the system is not overwhelmed.
And software programs (if such things are kept on the board) must be
examined for possible computer viruses. If there is a financial charge
to use the board (increasingly common, especially in larger and fancier
systems) then accounts must be kept, and users must be billed. And if
the board crashes — a very common occurrence — then repairs must be
made.
Boards can be distinguished by the amount of effort spent in regulating
them. First, we have the completely open board, whose sysop is off
chugging brews and watching re-runs while his users generally degenerate
over time into peevish anarchy and eventual silence. Second comes
the supervised board, where the sysop breaks in every once in a while
to tidy up, calm brawls, issue announcements, and rid the community of
dolts and troublemakers. Third is the heavily supervised board, which sternly urges adult and responsible behavior and swiftly edits any message
considered offensive, impertinent, illegal or irrelevant. And last
comes the completely edited "electronic publication," which is presented
to a silent audience which is not allowed to respond directly in
any way.
Boards can also be grouped by their degree of anonymity. There is the
completely anonymous board, where everyone uses pseudonyms — "handles"
— and even the sysop is unaware of the user's true identity. The
sysop himself is likely pseudonymous on a board of this type. Second,
and rather more common, is the board where the sysop knows (or
thinks he knows) the true names and addresses of all users, but the
users don't know one another's names and may not know his. Third is
the board where everyone has to use real names, and roleplaying and
pseudonymous posturing are forbidden.
Boards can be grouped by their immediacy. "Chat- lines" are boards
linking several users together over several different phone-lines
simultaneously, so that people exchange messages at the very moment
that they type. (Many large boards feature "chat" capabilities along
with other services.) Less immediate boards, perhaps with a single
phoneline, store messages serially, one at a time. And some boards are
only open for business in daylight hours or on weekends, which greatly
slows response. A *network* of boards, such as "FidoNet," can carry
electronic mail from board to board, continent to continent, across huge
distances — but at a relative snail's pace, so that a message can take
several days to reach its target audience and elicit a reply.
Boards can be grouped by their degree of community. Some boards
emphasize the exchange of private, person-to-person electronic mail.
Others emphasize public postings and may even purge people who
"lurk," merely reading posts but refusing to openly participate. Some
boards are intimate and neighborly. Others are frosty and highly technical.
Some are little more than storage dumps for software, where
users "download" and "upload" programs, but interact among themselves
little if at all.
Boards can be grouped by their ease of access. Some boards are entirely public. Others are private and restricted only to personal friends of the
sysop. Some boards divide users by status. On these boards, some
users, especially beginners, strangers or children, will be restricted to
general topics, and perhaps forbidden to post. Favored users, though,
are granted the ability to post as they please, and to stay "on-line" as
long as they like, even to the disadvantage of other people trying to call
in. High- status users can be given access to hidden areas in the board,
such as off-color topics, private discussions, and/or valuable software.
Favored users may even become "remote sysops" with the power to take
remote control of the board through their own home computers. Quite
often "remote sysops" end up doing all the work and taking formal control
of the enterprise, despite the fact that it's physically located in
someone else's house. Sometimes several "co-sysops" share power.
And boards can also be grouped by size. Massive, nationwide commercial
networks, such as CompuServe, Delphi, GEnie and Prodigy, are run on
mainframe computers and are generally not considered "boards," though
they share many of their characteristics, such as electronic mail, discussion
topics, libraries of software, and persistent and growing problems
with civil-liberties issues. Some private boards have as many as
thirty phone-lines and quite sophisticated hardware. And then there
are tiny boards.
Boards vary in popularity. Some boards are huge and crowded, where
users must claw their way in against a constant busy-signal. Others are
huge and empty — there are few things sadder than a formerly flourishing
board where no one posts any longer, and the dead conversations of
vanished users lie about gathering digital dust. Some boards are tiny
and intimate, their telephone numbers intentionally kept confidential so
that only a small number can log on.
And some boards are *underground.*
Boards can be mysterious entities. The activities of their users can be
hard to differentiate from conspiracy. Sometimes they *are* conspiracies.
Boards have harbored, or have been accused of harboring, all
manner of fringe groups, and have abetted, or been accused of abetting,
every manner of frowned-upon, sleazy, radical, and criminal activity. There are Satanist boards. Nazi boards. Pornographic boards.
Pedophile boards. Drug- dealing boards. Anarchist boards. Communist
boards. Gay and Lesbian boards (these exist in great profusion, many of
them quite lively with well-established histories). Religious cult
boards. Evangelical boards. Witchcraft boards, hippie boards, punk
boards, skateboarder boards. Boards for UFO believers. There may well
be boards for serial killers, airline terrorists and professional assassins.
There is simply no way to tell. Boards spring up, flourish, and
disappear in large numbers, in most every corner of the developed
world. Even apparently innocuous public boards can, and sometimes do,
harbor secret areas known only to a few. And even on the vast, public,
commercial services, private mail is very private — and quite possibly
criminal.
Boards cover most every topic imaginable and some that are hard to
imagine. They cover a vast spectrum of social activity. However, all
board users do have something in common: their possession of computers
and phones. Naturally, computers and phones are primary topics of
conversation on almost every board.
And hackers and phone phreaks, those utter devotees of computers and
phones, live by boards. They swarm by boards. They are bred by
boards. By the late 1980s, phone-phreak groups and hacker groups,
united by boards, had proliferated fantastically.
As evidence, here is a list of hacker groups compiled by the editors of
*Phrack* on August 8, 1988.
The Administration. Advanced Telecommunications, Inc. ALIAS.
American Tone Travelers. Anarchy Inc. Apple Mafia. The Association.
Atlantic Pirates Guild.
Bad Ass Mother Fuckers. Bellcore. Bell Shock Force. Black Bag.
Camorra. C&M Productions. Catholics Anonymous. Chaos Computer
Club. Chief Executive Officers. Circle Of Death. Circle Of Deneb. Club
X. Coalition of Hi-Tech Pirates. Coast-To-Coast. Corrupt Computing.
Cult Of The Dead Cow. Custom Retaliations. Damage Inc. D&B Communications. The Dange Gang. Dec Hunters.
Digital Gang. DPAK.
Eastern Alliance. The Elite Hackers Guild. Elite Phreakers and Hackers
Club. The Elite Society Of America. EPG. Executives Of Crime. Extasyy
Elite.
Fargo 4A. Farmers Of Doom. The Federation. Feds R Us. First Class.
Five O. Five Star. Force Hackers. The 414s.
Hack-A-Trip. Hackers Of America. High Mountain Hackers. High
Society. The Hitchhikers.
IBM Syndicate. The Ice Pirates. Imperial Warlords. Inner Circle.
Inner Circle II. Insanity Inc. International Computer Underground
Bandits.
Justice League of America.
Kaos Inc. Knights Of Shadow. Knights Of The Round Table.
League Of Adepts. Legion Of Doom. Legion Of Hackers. Lords Of Chaos.
Lunatic Labs, Unlimited.
Master Hackers. MAD! The Marauders. MD/PhD. Metal
Communications, Inc. MetalliBashers, Inc. MBI. Metro
Communications. Midwest Pirates Guild.
NASA Elite. The NATO Association. Neon Knights. Nihilist Order.
Order Of The Rose. OSS.
Pacific Pirates Guild. Phantom Access Associates. PHido PHreaks. The
Phirm. Phlash. PhoneLine Phantoms. Phone Phreakers Of America.
Phortune 500. Phreak Hack Delinquents. Phreak Hack Destroyers.
Phreakers, Hackers, And Laundromat Employees Gang (PHALSE Gang).
Phreaks Against Geeks. Phreaks Against Phreaks Against Geeks.
Phreaks and Hackers of America. Phreaks Anonymous World Wide. Project Genesis. The Punk Mafia.
The Racketeers. Red Dawn Text Files. Roscoe Gang.
SABRE. Secret Circle of Pirates. Secret Service. 707 Club. Shadow
Brotherhood. Sharp Inc. 65C02 Elite. Spectral Force. Star League.
Stowaways. Strata-Crackers.
Team Hackers '86. Team Hackers '87. TeleComputist Newsletter Staff.
Tribunal Of Knowledge. Triple Entente. Turn Over And Die Syndrome
(TOADS). 300 Club. 1200 Club. 2300 Club. 2600 Club. 2601 Club.
2AF.
The United Soft WareZ Force. United Technical Underground.
Ware Brigade. The Warelords. WASP.
Contemplating this list is an impressive, almost humbling business.
As a cultural artifact, the thing approaches poetry.
Underground groups — subcultures — can be distinguished from independent
cultures by their habit of referring constantly to the parent
society. Undergrounds by their nature constantly must maintain a
membrane of differentiation. Funny/distinctive clothes and hair, specialized
jargon, specialized ghettoized areas in cities, different hours of
rising, working, sleeping.... The digital underground, which specializes
in information, relies very heavily on language to distinguish itself. As
can be seen from this list, they make heavy use of parody and mockery.
It's revealing to see who they choose to mock.
First, large corporations. We have the Phortune 500, The Chief
Executive Officers, Bellcore, IBM Syndicate, SABRE (a computerized
reservation service maintained by airlines). The common use of "Inc."
is telling — none of these groups are actual corporations, but take clear
delight in mimicking them.
Second, governments and police. NASA Elite, NATO Association. "Feds R
Us" and "Secret Service" are fine bits of fleering boldness. OSS — the Office of Strategic Services was the forerunner of the CIA.
Third, criminals. Using stigmatizing pejoratives as a perverse badge of
honor is a time-honored tactic for subcultures: punks, gangs, delinquents,
mafias, pirates, bandits, racketeers.
Specialized orthography, especially the use of "ph" for "f" and "z" for
the plural "s," are instant recognition symbols. So is the use of the
numeral "0" for the letter "O" — computer-software orthography generally
features a slash through the zero, making the distinction obvious.
Some terms are poetically descriptive of computer intrusion: the
Stowaways, the Hitchhikers, the PhoneLine Phantoms, Coast-to-Coast.
Others are simple bravado and vainglorious puffery. (Note the insistent
use of the terms "elite" and "master.") Some terms are blasphemous,
some obscene, others merely cryptic — anything to puzzle, offend, confuse,
and keep the straights at bay.
Many hacker groups further re-encrypt their names by the use of
acronyms: United Technical Underground becomes UTU, Farmers of
Doom become FoD, the United SoftWareZ Force becomes, at its own
insistence, "TuSwF," and woe to the ignorant rodent who capitalizes the
wrong letters.
It should be further recognized that the members of these groups are
themselves pseudonymous. If you did, in fact, run across the
"PhoneLine Phantoms," you would find them to consist of "Carrier
Culprit," "The Executioner," "Black Majik," "Egyptian Lover," "Solid
State," and "Mr Icom." "Carrier Culprit" will likely be referred to by
his friends as "CC," as in, "I got these dialups from CC of PLP."
It's quite possible that this entire list refers to as few as a thousand
people. It is not a complete list of underground groups — there has
never been such a list, and there never will be. Groups rise, flourish,
decline, share membership, maintain a cloud of wannabes and casual
hangers-on. People pass in and out, are ostracized, get bored, are busted
by police, or are cornered by telco security and presented with huge
bills. Many "underground groups" are software pirates, "warez d00dz," who might break copy protection and pirate programs, but likely
wouldn't dare to intrude on a computer-system.
It is hard to estimate the true population of the digital underground.
There is constant turnover. Most hackers start young, come and go, then
drop out at age 22 — the age of college graduation. And a large majority
of "hackers" access pirate boards, adopt a handle, swipe software and
perhaps abuse a phone-code or two, while never actually joining the
elite.
Some professional informants, who make it their business to retail
knowledge of the underground to paymasters in private corporate security,
have estimated the hacker population at as high as fifty thousand.
This is likely highly inflated, unless one counts every single teenage
software pirate and petty phone-booth thief. My best guess is about
5,000 people. Of these, I would guess that as few as a hundred are
truly "elite" — active computer intruders, skilled enough to penetrate
sophisticated systems and truly to worry corporate security and law
enforcement.
Another interesting speculation is whether this group is growing or not.
Young teenage hackers are often convinced that hackers exist in vast
swarms and will soon dominate the cybernetic universe. Older and
wiser veterans, perhaps as wizened as 24 or 25 years old, are convinced
that the glory days are long gone, that the cops have the underground's
number now, and that kids these days are dirt-stupid and just
want to play Nintendo.
My own assessment is that computer intrusion, as a non-profit act of
intellectual exploration and mastery, is in slow decline, at least in the
United States; but that electronic fraud, especially telecommunication
crime, is growing by leaps and bounds.
One might find a useful parallel to the digital underground in the drug
underground. There was a time, now much-obscured by historical
revisionism, when Bohemians freely shared joints at concerts, and hip,
small- scale marijuana dealers might turn people on just for the sake of
enjoying a long stoned conversation about the Doors and Allen Ginsberg.
Now drugs are increasingly verboten, except in a high-stakes, highlycriminal
world of highly addictive drugs. Over years of disenchantment
and police harassment, a vaguely ideological, free-wheeling drug
underground has relinquished the business of drug- dealing to a far
more savage criminal hard-core. This is not a pleasant prospect to
contemplate, but the analogy is fairly compelling.
What does an underground board look like? What distinguishes it from
a standard board? It isn't necessarily the conversation — hackers often
talk about common board topics, such as hardware, software, sex, science
fiction, current events, politics, movies, personal gossip.
Underground boards can best be distinguished by their files, or
"philes," pre-composed texts which teach the techniques and ethos of
the underground. These are prized reservoirs of forbidden knowledge.
Some are anonymous, but most proudly bear the handle of the "hacker"
who has created them, and his group affiliation, if he has one.
Here is a partial table-of-contents of philes from an underground
board, somewhere in the heart of middle America, circa 1991. The
descriptions are mostly self- explanatory.
BANKAMER.ZIP 5406 06-11-91 Hacking Bank America
CHHACK.ZIP 4481 06-11-91 Chilton Hacking
CITIBANK.ZIP 4118 06-11-91 Hacking Citibank
CREDIMTC.ZIP 3241 06-11-91 Hacking Mtc Credit
Company
DIGEST.ZIP 5159 06-11-91 Hackers Digest
HACK.ZIP 14031 06-11-91 How To Hack
HACKBAS.ZIP 5073 06-11-91 Basics Of Hacking
HACKDICT.ZIP 42774 06-11-91 Hackers Dictionary
HACKER.ZIP 57938 06-11-91 Hacker Info
HACKERME.ZIP 3148 06-11-91 Hackers Manual
HACKHAND.ZIP 4814 06-11-91 Hackers Handbook
HACKTHES.ZIP 48290 06-11-91 Hackers Thesis
HACKVMS.ZIP 4696 06-11-91 Hacking Vms Systems
MCDON.ZIP 3830 06-11-91 Hacking Macdonalds
(Home Of The Archs)
P500UNIX.ZIP 15525 06-11-91 Phortune 500 Guide To
Unix
RADHACK.ZIP 8411 06-11-91 Radio Hacking
TAOTRASH.DOC 4096 12-25-89 Suggestions For
Trashing
TECHHACK.ZIP 5063 06-11-91 Technical Hacking
The files above are do-it-yourself manuals about computer intrusion.
The above is only a small section of a much larger library of hacking and
phreaking techniques and history. We now move into a different and
perhaps surprising area.
No comments:
Post a Comment